Access control for computers

ABSTRACT

The invention provides a general and flexible mechanism for a secure access control on a computer. Cryptographic checksums are applied for the identification of a program to another program. These cryptographic checksums are generated automatically for the programs. Each program has its program-specific identifier which can be regarded as a substantially unique value or name. Such a program-specific identifier can be used to verify the validity of one program to another program. Mutual trust relationships between different programs can therewith be set up easily.

TECHNICAL FIELD

[0001] The present invention relates to secure and trusted processing ofprograms and applications on a computer. More particularly, theinvention is related to a mechanism for the identification of a programto another program.

BACKGROUND OF THE INVENTION

[0002] Traditional computer and computer systems, particularly connectedsystems within a defined network, are managed by systems administrators.The currently used access control mechanisms have focused on separatingthe users from one another based upon a security policy determined bythe systems administrators. Some, primarily military, systems haveallowed finer-grained access control policies allowing separation ofdifferent aspects of an individual user but the complexity of thesesystems made them prohibitively expensive to administer. As a result,these system access control mechanisms have not been widely adopted.

[0003] The access control schemes available in various databases and inJava offer finer-grained control of data and objects but do now solvethe general problem of access control at the system level.

[0004] Most personal computers (PC) can not solve sufficiently theproblem of security. PC operating systems, including DOS, Windows, andMacOS, have been assaulted by a barrage of viruses, Trojan horses, andother malicious software, also referred to as malware. The release anduse of such malware has been essentially a form of vandalism and itsdanger grows with the use of the Internet.

[0005] If one use such systems for economically meaningful transactions,there is far greater benefit and hence incentive for an attacker. Thus,the need for security is essential, whereby a call arises for anappropriate access control mechanism.

[0006] The form factor and usage characteristics of hand held devises,such as personal digital assistants, also abbreviated as PDAs, makesthem extremely desirable for use in many e-commerce applications.Unfortunately, current PDA operating systems do not offer the neededsecurity for e-commerce applications. The very fact that PDAs arepowerful and general purpose computing devices renders them vulnerableto attack. E-commerce systems based upon PDAs are potentially vulnerableto an entire range of attacks which also can endanger other includedsystems, e.g. smartcards.

[0007] Commonly, a system administrator must determine how much trustcan be given to a particular program and/or user. This determinationincludes considering the value of the information resources on thesystem in deciding how much trust is required for a program to beinstalled with privilege. It is a drawback that the system administratorhas to update the system and the privileges continuously.

[0008] U.S. Pat. No. 3,996,449 is related to an operating systemauthenticator for determining if an operating system being loaded in acomputer is valid. A user's identification code or secret key which isunique to the operating system, and a verifier value which is apredetermined function of a valid operating system and theidentification code are respectively stored. A hash function, which is afunction of the operating system being loaded and the identificationcode, is generated by the authenticator. After the operating system isloaded, the hash function is used as an authenticating value andcompared with the verifier value for determining the authenticity of theloaded operating system.

[0009] In U.S. Pat. No. 5,113,442 a method, and an operating systemutilizing this method, for controlling access rights among a pluralityof users is described. Each user is provided a user identificationnumber which is prime and each secure object is provided an access codewhich comprises a value that is a product of the user identificationnumbers of all users having the same access rights to that secureobject. In response to a request by a user for access to a secureobject, the access code for that secure object is divided by the useridentification number of the requesting user.

[0010] Access rights of the user to the requested secure object aredetermined based on whether the result of the division yields a zeroremainder.

GLOSSARY

[0011] The following are informal definitions to aid in theunderstanding of the following description.

[0012] Hash function is a computationally efficient function mappingbinary strings of arbitrary length to binary strings of some fixedlength.

[0013] One-way hash function is a function which takes a variable-lengthmessage M or some data and produces a fixed-length value, also referredto as hash or specific identifier. Given the specific identifier, it iscomputationally infeasible to find a message with that specificidentifier; in fact one can't determine any usable information about themessage M with that specific identifier. In other words, the time tocreate such a specific identifier is substantially shorter than the timeto reconstruct the variable-length message out of the specificidentifier. Moreover, the time to find two identical specificidentifiers is substantially longer than the time to create one specificidentifier.

[0014] Trusted computing base (TCB) indicates the totality of protectionmechanisms within a computer system, including hardware, firmware, andsoftware, the combination of which is responsible for enforcing asecurity policy.

OBJECT OF THE INVENTION

[0015] It is an object of the present invention to overcome thedisadvantages of the prior art.

[0016] It is another object of the present invention to provide amechanism for a secure access control of programs on a computer or ondistributed systems.

[0017] It is still another object of the present invention to provide anaccess control mechanism which not requires any system administrator.

[0018] It is a further object of the present invention to present anaccess control mechanism which is unspoofable and therefore works in asecure manner.

[0019] It is yet another object of the present invention to provide amethod and an apparatus for verifying the identity of a program on acomputer to another program on the same or different computer.

SUMMARY AND ADVANTAGES OF THE INVENTION

[0020] The objects of the invention are achieved by the features statedin the enclosed independent claims. Further advantageous implementationsand embodiments of the invention are set forth in the respectivesubclaims.

[0021] The invention provides a general and flexible mechanism for asecure access control on a computer or on distributed computers. Whenreferring to a computer, any kind of computer is meant that has atrusted computing base, also abbreviated as TCB. Such a computer can bea member of a network and can support multiple secure domains orapplications.

[0022] The basic idea of the invention is that a computer usescryptographic functions, i.e. cryptographic checksums, also referred toas one-way-hash functions, to automatically generate program-specificcryptographic identifiers or short program-specific identifiers and formtherewith the basis of an access control mechanism. Theseprogram-specific identifiers can be regarded as names for the programsand are obtained by applying a hash function to the programs. Theoutput, the program-specific identifier, also called hash value, is asubstantially unique value for a specific program that might be stored,cached, or derived on-the-fly. In general, the names are provided by thetrusted computing base or in more detail by an operating system. Thecryptographic function fulfills at least the following criteria. Thetime to create such a specific identifier is substantially shorter thanthe time to reconstruct the program or part thereof out of the specificidentifier. Moreover, the time to find two identical specificidentifiers is substantially longer than the time to create one specificidentifier.

[0023] The mechanism runs as follows. A message-originator program sendsa message including its derived name to a message-receiver program. Thename is provided by the operating system and might be added to themessage during sending or transferring. After receiving the message, thename is verified whether it is known to the message-receiver programand/or the trusted computing base. By doing so, the message that mayinclude a special request can be accepted or rejected depending on theverification. For a response to the message, the message-receiverprogram converts to a so-called response-message-originator program,i.e. the message-receiver program becomes a message-originator program,and sends a message-response with its specific name.

[0024] Under a program is understood any kind of code or software whichis able to run on a computer, such as application programs, Java-basedprograms, or virtual machines.

[0025] The present mechanism shows several advantages, such as it is notspoofable and is easily implemented. The work of a system administratorbecomes redundant, since the names are created automatically by thetrusted computing base. In general, the trustworthiness of computers canbe increased dramatically and make them to safe and reliable devices,since several domains or applications can run one the same computerwithout being attackable by insecure programs.

[0026] By using the mechanism, uncontrolled and potentially insecureprograms, such as suspected and attacking programs, cannot take controlover the computer or interfere sensitive programs and applications.

[0027] On the one hand, if a program-specific identifier, i.e. aprogram-specific name, is known to the message-receiver program and aresponse-message is sent comprising an acceptation or acknowledgment anda response-program-specific identifier that, on the other hand, is knownto the message-originator program, then the advantage occurs that bothprograms can trust each other, whereby the message-receiver program isthen willing to inter-operate with the message-originator program. Atrusted communication between both program can be set up easily.

[0028] Such a mentioned program-specific identifier is derivable byapplying a first hash function to the message-originator program and aresponse-program-specific identifier is derivable by applying a secondhash function to the message-receiver program. This proves advantageousbecause, in general, various hash functions can be applied to create aprogram-specific identifier and thus the mechanism is not restricted toa special type of hash function. The only assumption is that theprogram-specific identifier should be known to the message-receiverprogram in order to set up communication.

[0029] Nevertheless, the applied hash functions can be also identical,whereby a one-way-hash function, such as MD5 or SHA-1 is applicable.Such hash function are well known, work reliable, and can be processed,i.e. applied to a program in the millisecond time scale, without anyremarkable effect to the user or the computing time in general.

[0030] A hash-function generator should be implemented into the trustedcomputing base, such that the program-specific identifiers are derivedand provided by this trusted computing base automatically. Based on theunderlying security policy, the trusted computing base cannot becircumvented or undermined by an attacker.

[0031] It is advantageous if the program-specific identifier and/or themessage is signed by use of a private cryptographic key. By doing so,mutual trust between different programs can be established and set upeasily. Moreover, arbitrarily trust relationships can be created,whereby it is particularly advantageous that the user has nothing toconfigure.

[0032] It is also advantageous if an additional program-specificidentifier which is signed by the private cryptographic key is sentwithin the message, because the message-receiver program becomessecurely manageable by developers whereby additional trusted programscan be installed and therewith trusted domains or applications can beset up easily. In other words, different programs which come from thesame developer trust each other and can create mutual trustrelationships.

[0033] The message-receiver program and/or the trusted computing basemight have a public cryptographic key with which the response can besinged. This implies that if the message-originator program, that meansthe requesting program, has been written correctly, the message-receiverprogram and/or the trusted computing base will generate signatures onlyfor documents that have been authorized by the user.

[0034] If program-specific identifiers are pre-stored in a list or adatabase, than a fast access to this identifiers and therefore a fastverification can be provided. It shows also advantageous if trustedprogram-specific identifiers are delivered or installed within thetrusted computing base or when the computer is initialized for the veryfirst time.

[0035] In the case that the program-specific identifier is not known tothe message-receiver program and/or the trusted computing base, themessage or request is rejected, for example be returning a zero to themessage-originator program. This implies that the message-originatorprogram is not a trusted one and might be suspect or even dangerous. Forsuch programs a special domain can be created. But again, the positivepoint is that such programs can not interfere others, that means, forexample, trusted programs, relevant documents, or private records on thecomputer.

DESCRIPTION OF THE DRAWINGS

[0036] The invention is described in detail below with reference to theaccompanying schematic drawings, wherein:

[0037]FIG. 1 shows a block diagram of a computer system;

[0038]FIG. 2 shows a schematic illustration of an exchange of messagesaccording to the present invention;

[0039]FIG. 3 shows a schematic illustration of a purchase scenario usinga key;

[0040]FIG. 4a shows a schematic illustration of a file system objectwith access control using a hash;

[0041]FIG. 4b shows the file system object of FIG. 4a for dynamic setupusing digital signatures; and

[0042]FIG. 5 shows a schematic illustration of an embodiment using ahelper application to set up mutual trust relationships.

[0043] All the figures are for the sake of clarity not shown in realdimensions, nor are the relations between the dimensions shown in arealistic scale.

DESCRIPTION OF PREFERRED EMBODIMENTS

[0044] With general reference to the figures and with special referenceto FIG. 1 the essential features of an access control mechanism forcomputers using cryptographic functions is described in more detailbelow. At first, some general points are addressed.

Hash Function

[0045] A hash function is a computationally efficient function mappingbinary strings of arbitrary length to binary strings of some fixedlength.

One-way Hash Function

[0046] A one-way hash function is a function which takes avariable-length message and produces a fixed-length hash or value. Thus:h=H(M), with H the one-way hash function, M the message and h the hashvalue for message M. Given the hash h it is computationally infeasibleto find a message M with that hash; in fact one can't determine anyusable information about a message M with that hash. For some one-wayhash functions it is also computationally infeasible to determine twomessages which produce the same hash. Moreover, a one-way hash functioncan be private or public, just like an encryption function. MD5, SHA-1,and Snefru are examples of public one-way hash functions.

[0047] If such a one-way hash function is applied to a program E, whichcan be any program, than the output, the hash value h, is asubstantially unique value, also referred to as program-specificidentifier. This program-specific identifier can also be seen as a namethat is given to the specific program E. In other words, the program E,that can be viewed as a byte stream E={b₀, b₁, b₂, . . . }, can beassociated with its substantially unique name H(E). When the program Eis run, it run with the label H(E). Persistent data created by theprogram E is accessible only to the program E and also bears the nameH(E).

[0048] Using for example the above mentioned one-way hash functionSHA-1, the probability to find two identical program-specificidentifiers is approximately 1 to 2⁸⁰, and the probability to find to agiven program another program with the same program-specific identifieris approximately 1 to 2¹⁶⁰.

Trusted Computing Base (TCB)

[0049] Under trusted computing base, also abbreviated as TCB, isunderstood the totality of protection mechanisms within a computersystem, including hardware, firmware, and software, the combination ofwhich is responsible for enforcing a security policy. An operatingsystem being part of the trusted computing base. The security policyrequests that the trusted computing base cannot be circumvented orundermined. i.e. it is secure against attacks.

[0050] The present access control mechanism can be used in general incomputers and computer systems. When referring to a computer, any kindof device is meant that can be a member of a local network. Examples ofdevices are: laptop computers, workpads, nodepads, personal digitalassistants (PDAs), notebook computers and other wearable computers,desktop computers, computer terminals, networked computers, internetterminals and other computing systems, set-top boxes, cash registers,bar code scanners, point of sales terminals, kiosk systems, cellularphones, pagers, wrist watches, digital watches, badges, smartcards, andother handheld and embedded devices. Other devices considered include:headsets, Human Interface Device (HID) compliant peripherals, data andvoice access points, cameras, printers, fax machines, keyboards,joysticks, kitchen appliances, tools, sensors such as smoke and/or firedetectors, and virtually any other digital device.

[0051] Other examples of wearable computers that can be used inconnection with the present invention are, personal effects beingequipped with computer-like hardware, such as a “smart wallet” computer,jewelry, or articles of clothing. In addition to a “smart wallet”computer, there are a number of other variations of the wearablecomputers. A “belt” computer is such a variation which allows the userto surf, dictate, and edit documents while they are moving around. Yetanother example is a children's computer which is comparable to apersonal digital assistant for grade-school children. The children'scomputer might hold assignments, perform calculations, and help kidsmanage their homework. It can interface with other children's computersto facilitate collaboration, and it can access a teacher's computer todownload assignments or feedback. Any wearable or portable device, anyoffice tool or equipment, home tool or equipment, system for use invehicles, or systems for use in the public (vending machines, ticketingmachines, automated teller machines, etc.) might be used in the contextof the present invention.

[0052] In order to aid in the understanding of the present invention,FIG. 1 shows a high-level block diagram of a computer 2.

[0053] The computer 2 includes hardware components 4 such as one or morecentral processing units (CPU) 6, a random access memory (RAM) 8, and aninput/output (I/O) interface 10. The computer 2 also includes anoperating system 20. Various peripheral devices are connected to thecomputer 2, such as secondary storage devices 12 (such as a hard drive),input devices 14 (such as keyboard, mouse, touch screen, a microphone,or infrared- or RF receiver), display devices 16 (such as a monitor oran LCD display), and output devices 18 (such as printers, or infrared-or RF transmitter). Also a smartcard device could be coupled to theinput/output devices 14, 18. A plurality of programs 22, 24, 26 areexecuted in the computer 2. The programs 22, 24, 26 may be executedsequentially in the computer 2, but preferably executed in parallel inthe computer system 2.

[0054] The hardware components 4 and the operating system 20 form atrusted computing base TCB, which constitute the basis for a secure andtrusted computing. Into the trusted computing base, a generator-module21 for creating program-specific identifiers is implemented. Thisgenerator-module 21 is basically a cryptographic-function generator 21that can be implemented in software as well as in hardware. Since thegeneration of a hash value by applying a hash function, preferably aone-way hash function as described above, is not time-consuming for aprocessor, the cryptographic-function generator 21 might be implementedin the operating system 20 itself. Any cryptographic-function might besuitable that outputs a substantially unique value.

[0055] The structure of the computer 2, as described with reference toFIG. 1, is to be seen as the underlying device, that can be used in thefollowing embodiments.

[0056] Still referring to FIG. 2, which shows a high-level schematicillustration of an exchange of messages. Some basics are explained inthe following. A message-originator program D wants to communicate withanother program, here a message-receiver program S. The message-receiverprogram S knows one or more program-specific identifiers. Theseidentifiers could be pre-stored or cashed and might be also known to theoperating system 20. At first, the message-originator program D sends arequest m within a message to the message-receiver program S. Thereby,the generator-module 21 as part of the operating system 20 derives aprogram-specific identifier H(D) from the message-originator program Dand adds this program-specific identifier H(D) to the message, asindicated by the arrow labeled with H(D), m.

[0057] In general, the operating system 20 adds to all requests sent bya message-originator program to a message-receiver program therespective program-specific identifier of the message-originator programwhich then can be verified or identified by the message-receiverprogram.

[0058] For simplification reasons, the generator-module 21 is not shownin FIG. 2. The program-specific identifier H(D) can also be pre-storedfrom the message-originator program D. After receiving the messageincluding the program-specific identifier H(D) and the request m, themessage-receiver program S tries to extract the program-specificidentifier H(D) and verifies it with its known identifiers. If theprogram-specific identifier H(D), is known to the message-receiverprogram S, whereby this is here indicated by H(D) in box S, themessage-receiver program S would accept further communication with themessage-originator program D. For that, the message-receiver program Ssends a response-message comprising a response n and itsprogram-specific identifier H(S), also referred to asresponse-program-specific identifier H(S), to the message-originatorprogram D, as indicated by the arrow from box S to box D. Theresponse-program-specific identifier H(S) is thereby also provided bythe operating system 20. Since the message-originator program D and themessage-receiver program S can be executed on different computers orsystems which are connectable via a network, each program D, S can haveits trusted computing base that provides program specific identifiers. Aconnection to the network is provided by means known in the art, such aswire, infrared, RF, et cetera.

[0059] In the following, the various exemplary embodiments of theinvention are described.

[0060]FIG. 3 shows a schematic illustration of a purchase scenario usinga key. Based on the trusted computing base and therewith on theoperating system 20 run several programs or applications incompartments, that here is called browse B, display D and sign S. Theunderlying conception of this embodiment is that anyone should be ableto ask for something. Since display D and sign S run in a securecompartment and thus are trustworthy whilst browse B is not, browse B orany other program can send a request to display D.

[0061] For example, when a signature is needed, a document is passed tothe secure compartments display D and sign S for display, authorization,and signature generation. The security of the scheme is dependent onlyupon the sign S and display D compartment and its ability to displayinformation to the user, and the sign compartment's ability to acceptrequests from display D. Only sign S needs access to a signing key k, asindicated in box S.

[0062] The display D compartment's ability to display data to a user hastwo primary assumptions: that the compartment can obtain a resource lockon the display D and that the data itself have a single well definedmeaning. The ability to lock the display D is useful to diminish thethreat of Trojan Horses. The granting of exclusive locks on systemresources allows malicious code to either soft or hard lock the systemthereby staging a denial of service attack. Assuming that all systemlocks can be forced to be soft locks, this threat is not interesting. Itis thus the case that the primary issue is that the system should beable to lock a sufficient number of resources. These resources includethe display, touch screen, various other I/O devices, memory pages, etcetera.

[0063] Sign S should be able to protect and manage its key k and toensure that a request to sign a document came from browse B. Protectingand managing these data means that they should only be accessible toother compartments though sign's external interfaces. This impliescertain low level properties of the system: the system should not allowraw access to memory, the integrity of messages (IPC) should bemaintained, and access to system resources does not use the completeprivileges.

[0064] By using the above described scheme of generatingprogram-specific identifiers for each compartment, a naming system isprovided so that there is a well defined difference betweencompartments.

[0065] It is assumed that a user wants to select and purchase an item.The item can be selected using browse B, that is a browser, as that ofWAP (Wireless Applications Protocol), running on a PDA (personal digitalassistant) that may bases on the computer as indicated with reference toFIG. 1. A browser is an extremely sophisticated piece of software thatacts upon complex data supplied by untrusted users. It is possible,however, for the browser B to generate a request which is handed todisplay D and sign S for terms of payment authorization. For that, thebrowser B sends a request m to sign a document within a message todisplay D, whereby the operating system 20 attaches to the request m theprogram-specific identifier H(B) of browser B. This is indicated by thearrow labeled with H(B), m.

[0066] Display D, that is compared to browse B as small piece ofsoftware, forwards the request m with its program-specific identifierH(D), as indicated by the arrow labeled with H(D), m. The signcompartment, sign S, that might be a smartcard, verifies the receivedmessage with its known program-specific identifiers. When theprogram-specific identifier H(D) is known to sign S, whereby this ishere indicated by H(D) in box S, the request m is accepted. Moreover, ifdisplay D has been written correctly, sign S generates signatures onlyfor documents that have been authorized by the user.

[0067] A signature on the request m under the key k is denoted as k⁻¹.Sign S signs the request m and sends it together with itsprogram-specific identifier to display D. This is indicated by the arrowlabeled with H(S), k⁻¹ m. Further, display D passes the signed requestwith its program-specific identifier to browse B, as indicated by thearrow labeled with H(D), k⁻¹ m.

[0068]FIG. 4a shows a schematic illustration of a file system objectwith access control using a hash. Naturally, there is a need fordifferent applications, hereafter also referred to as objects, to sharedata. FIG. 4a indicates persistent objects, namely object A, object F,and object G, whereby object A and object G are connected to object F,that is a trusted object. Moreover, object F has an access control list40 with entries for object A only. The object F receives two readrequests r(n₁) and r(n₂), both accompanied by the respectiveprogram-specific identifier H(A) and H(G), as it is indicated by thearrows labeled with H(A),r(n₁) and H(G),r(n₂) towards object F,respectively. The first request r(n₁) comes from object A, which appearsin object F's access control list 40. This is granted, whereby d₁ isreturned by object F as indicated by the arrow labeled with H(F), d₁.The second request r(n₂) comes from object G, which does not appear inobject F's access control list 40. Thus, the second request r(n₂) isdenied, whereby a null is returned as indicated by the arrow labeledwith H(F),Ø. Different access control lists could be kept for read andwrite privileges.

[0069] More complex objects F with rich method sets can use the sametype of construction to implement desired access control policies ingenerality.

[0070] While FIG. 4a illustrates a static setup which does not allow toupdate the collection of trusted objects, FIG. 4b shows, based on theconfiguration of FIG. 4a, a file system object for dynamic setup.

[0071] The configuration of FIG. 4a can be updated using digitalsignatures. Therefore, object F has a public key K, as indicated in boxF. Object F and object G are based on a first operating system 42,whilst a helper application, also referred to as object C, bases on asecond operating system 44 which are connected by a channel 46 as it isknown in the art. The first operating system 42 runs at a user whereasthe second operating system 44 runs at a developer or a trusted entity.Object C is used to deliver k⁻¹ H(G), whereby k⁻¹ is a private key, toobject F which verifies the validity of the signature and adds theprogram-specific identifier H(G) of the object G to its access controllist 40. Access requests such as H(G),r(n₁) from object G to object Fwill now be granted by object F, that returns H(F), d₁, as indicated bythe respective arrows.

[0072] The construction depends upon the fact that the bearer of adigital signature does not need to be trusted so long as the signatureis valid.

[0073] One can use this very fact to set up arbitrarily complicatedtrust relationships using a helper application.

[0074]FIG. 5 shows a schematic illustration of an embodiment using ahelper application, that here is object C again, to set up mutual trust(MT) relationship between object A and object G. Both objects A, G havethe public key k and their own specific access control list, asindicated below the objects A, G, respectively. Using object C as thehelper application, object C delivers k⁻¹ H(G) with its program-specificidentifier H(C) to object A, which verifies the validity of thesignature and adds the program-specific identifier H(G) to its accesscontrol list. On the other hand, object C delivers k⁻¹ H(A) with itsprogram-specific identifier H(C) to object G, which verifies thevalidity of the signature and adds the program-specific identifier H(A)to its access control list. For further communication, object A cancontact directly object G and vice versa, because now they know andtrust each other, as indicated by the doted line between box A and G.

[0075] The scheme described with reference to FIG. 5 is not the same astraditional code signing which requires an intractable hierarchy ofkeys, certificates, developer registration, an so forth. The scheme doesnot use code signing to determine system privileges but is rather usingsignatures as credentials in a developer software coterie.

[0076] An example of where this might be useful is if a bank has severalpayment schemes which wish to share a common key. The individualcomponents can be updated independently.

[0077] The following embodiment describes the design of a payment systemusing digital signatures using the access control mechanism based oncryptographic functions. This system is designed to be used through WAPwithout depending upon the security of WAP itself. Several steps areindicated in the following.

Global Setup

[0078] The initial setup for a bank is not too intrusive, since the bankneed not contact the creators of the device, i.e. manufacturer of thePDA or computer.

[0079] 1. The bank generates a public key/private key pair to signindividual users keys. This key pair is denoted as mk/mk⁻¹. This couldbe the banks master key or some derivative thereof.

[0080] 2. The bank generates a public key/private key pair to identifymembership in the banks suite of applications. This key pair is denotedas ak/ak⁻¹.

[0081] 3. The bank writes a signing program S that comprises the publickeys mk and ak.

[0082] 4. Moreover, the bank writes a display program D, such asdescribed with reference to FIG. 3. It accepts as a simple descriptionof that which is to be signed, e.g. payee, amount, date, anddescription. The display program D then locks the physical displaydevice and displays afterwards the necessary information to the user. Ifthe user agrees, the display program D releases the lock and the termswill be passed to a signing program S, such as mentioned with referenceto FIG. 3.

[0083] 5. The bank computes ka⁻¹ H(D) and places this in a helper orregistration program C, as shown with reference to FIG. 5.

Individual Setup

[0084] It is assumed that the bank wishes to generate and distributekeys for the user.

[0085] 1. For each user U, the bank generates a key pair uk/uk⁻¹ and anapplication CU carrying the signed key pair mk⁻¹ (uk/uk⁻¹).

[0086] 2. The bank provides to the user U the display program D, thesigning program S, the registration program C, and the application CU.Only the application CU depends on the user U and is the only componentrequiring secrecy. The bank may wish to split the secret in some way.

[0087] 3. Then, the user U installs the applications mentioned in thestep above and the system automatically sets up four new securitydomains corresponding to the respective program-specific identifiersH(D), H(S), H(C), and H(CU).

[0088] 4. The user U executes application CU which sends to the signingprogram S a message including mk⁻¹ (uk/uk⁻¹). The signing program Sverifies that uk/uk⁻¹ is a valid user key using the key mk. Theapplication CU then calls the registration program C and deletes itself,because it has no more purposes. The registration program C sends to thesigning program S a message including ka⁻¹ H(D). Next, the signingprogram S uses ka to verify whether the display program D is a trustedapplication. Hence, the signing program S trusts the display program D.

[0089] When an application or program, as the WAP browser, wishes togenerate a signature, it passes the text or document to the displayprogram D for display and approval. If the user U approves the requestis passed on to the signing program S which then sign it. The signingprogram S knows that the request reflects the users desires because itcomes from the trusted display program D. The signature is eventuallyreturned to the initial application.

[0090] If the bank wishes to generate a new application N, e.g. for homebanking, trusted by the signing program S then they only generate ahelper application C′ carrying ka⁻¹ H(N).

Smartcard

[0091] If the bank wishes to use a smartcard to protect the privateportion of the user's key pair, then the Individual Setup can be variedas follows.

[0092] 1. For each user U_(s), the bank generates a key pair uk/uk⁻¹ andput it on the smartcard. This key pair uk/uk⁻¹ can be signed with thebank's master key mk⁻¹ (uk/uk⁻¹).

[0093] 2. The bank provides to the user U_(s) at least the displayprogram D and the registration program C.

[0094] 3. Then, the user U_(s) installs the applications mentioned inthe step above and the system automatically sets up two new securitydomains corresponding to the respective program-specific identifiersH(D) and H(C).

[0095] 4. The user U_(s) executes the registration program C which sendsthe smartcard a message including ka⁻¹ H(D). The smartcard uses ka toverify that the display program D is a trusted application and henceforth trusts the display program D.

[0096] When the display program D sends a request to the smartcard, therequest is delivered along with the program-specific identifier H(D) ofthe display program D.

[0097] Any disclosed embodiment may be combined with one or several ofthe other embodiments shown and/or described. This is also possible forone or more features of the embodiments.

[0098] The present invention can be realized in hardware, software, or acombination of hardware and software. Any kind of computer system—orother apparatus adapted for carrying out the methods described herein—issuited. A typical combination of hardware and software could be ageneral purpose computer system with a computer program that, when beingloaded and executed, controls the computer system such that it carriesout the methods described herein. The present invention can also beembedded in a computer program product, which comprises all the featuresenabling the implementation of the methods described herein, andwhich—when loaded in a computer system—is able to carry out thesemethods.

[0099] Computer program means or computer program in the present contextmean any expression, in any language, code or notation, of a set ofinstructions intended to cause a system having an information processingcapability to perform a particular function either directly or aftereither or both of the following a) conversion to another language, codeor notation; b) reproduction in a different material form.

1. A method for verifying the identity of a message-originator program(D) by a message-receiver program (S), the method comprising the stepsof: receiving from said message-originator program (D) a messagecomprising a program-specific identifier (H(D)), which has been providedfor said message-originator program (D) by means of a trusted computingbase (TCB); and verifying whether said received program-specificidentifier (H(D)) is known to said message-receiver program (S).
 2. Amethod for disclosing the identity of a message-originator program (D)to a message-receiver program (S), the method comprising: sending fromsaid message-originator program (D) to said message-receiver program (S)a message comprising a program-specific identifier (H(D)), which hasbeen provided for said message-originator program (D) by means of atrusted computing base (TCB), said program-specific identifier (H(D))being verifiable at said message-receiver program (S) whether it isknown to said message-receiver program (S).
 3. A method for verifyingthe identity of a message-originator program (D) by a message-receiverprogram (S), the method comprising the steps of: providing aprogram-specific identifier (H(D)) for said message-originator program(D) by means of a trusted computing base (TCB); sending from saidmessage-originator program (D) to said message-receiver program (S) amessage comprising said program-specific identifier (H(D)); receiving atsaid message-receiver program (S) said message; and verifying whethersaid received program-specific identifier (H(D)) is known to saidmessage-receiver program (S).
 4. Method according to claim 1, whereinthe message-receiver program (S) afterwards becomes aresponse-message-originator program and sends a response-message to themessage-originator program (D) comprising: a response-program-specificidentifier (H(S)), which has been provided for saidresponse-message-originator program by means of the trusted computingbase (TCB); and an acknowledgment if the program-specific identifier(H(D)) has been verified as being known.
 5. Method according to claim 1,wherein a substantially unique cryptographic identifier that is derivedby applying a cryptographic function (H) to the message-originatorprogram (D), preferably a hash function, and more preferably aone-way-hash function, such as MD5 or SHA-1, is used as theprogram-specific identifier (H(D)).
 6. Method according to claim 1,further comprising the step of signing the program-specific identifier(H(D)) and/or the message by use of a private cryptographic key (k⁻¹) toestablish trust between different programs.
 7. Method according to claim6, wherein the message further comprises an additional program-specificidentifier (H(G)) that is signed by use of the private cryptographic key(k⁻¹) to establish a membership of an additional program in a trustrelationship.
 8. Method according to claim 1, wherein themessage-receiver program (S) has a public cryptographic key (k). 9.Method according to claim 1, wherein the message-receiver program (S)and/or the trusted computing base (TCB) use(s) a list comprisingpre-stored program-specific identifiers and wherein saidmessage-receiver program (S) verifies whether the program-specificidentifier (H(D)) is identical to one of said pre-storedprogram-specific identifiers.
 10. Method according to claim 1, whereinthe message-receiver program (S) sends a rejection-message if theprogram-specific identifier (H(D)) is not verified as being known. 11.Method according to claim 1, wherein the message-originator program (D)and the message-receiver program (S) are executed on different systemsand are connectable via a network, each having its trusted computingbase (TCB) for providing program-specific cryptographic identifiers. 12.A computer program comprising program code means for performing thesteps of claim 1, when said program is run on a computer.
 13. A computerprogram product comprising program code means stored on a computerreadable medium for performing the method of claim 1, when said programproduct is run on a computer.
 14. An apparatus for verifying theidentity of a message-originator program (D) by a message-receiverprogram (S) on a computer, the apparatus comprising: computing means; areceiver-module for receiving from said message-originator program (D) amessage comprising a program-specific identifier (H(D)), which has beenprovided for said message-originator program (D) by means of a trustedcomputing base (TCB); and a verifier-module that verifies whether saidprogram-specific identifier (H(D)) is known to said message-receiverprogram (S).
 15. An apparatus for disclosing the identity of amessage-originator program (D) by a message-receiver program (S) on acomputer, the apparatus comprising: computing means; a trusted computingbase (TCB) comprising a generator-module for creating a program-specificidentifier (H(D)); and a sender-module for sending from saidmessage-originator program (D) a message comprising saidprogram-specific identifier (H(D)), said program-specific identifier(H(D)) being verifiable at said message-receiver program (S) whether itis known to said message-receiver program (S).